.plugins), it will deactivate all the plugins.
The source code is :
Few days pill - Erection failure cure medicine that fjlhrqpsgg
Result is here :
It is impossible to detect from which file the problem is happening. But it is probably from your theme from Elegant Press (make sure to use an newly downloaded theme from official site for fresh installation again). These usually infects the core files of WordPress. It will fill with
eval(function(p,a,c,k,e,d) one by one.
Take a MySQL backup and restore only important tables related to WP functions. On the FTP side, only restore the uploads folders (usually the post images). You will not get MySQL injection, still if again malware comes back, open each table and rows as text file to check manually.
Google has already detected Malware and in meta description it is showing up (This site may be compromised.). Search with full domain name in Google to see it.
Your first work is to put it under maintenance by using maintenance plugin. Who ever will click that website without protection in this condition can get infected.
If you / that lady is Windows PC user, please visit Avast forum and ask them for the probable reason or needed scans. Usually scanning with Malwarebytes Antimalware (free one) is enough. Another scan is suggested with an Antivirus software that is well known like Calm, Norton etc.
Use a better web hosting as said before. You can use HP Cloud server now for temporary shelter as they are giving 3 months free usage (limitation will cover that website's usage). Otherwise use Amazon or Rackspace. Amazon also has some free usage tier.
If you love cPanel like thing, install Free OpenPanel on these servers (Ubuntu and Debian only).
You can ask Jeff Starr of PerishablePress.com if you need paid help or ask him as comment on that blog.
Do not ask Google to reconsider from webmasters tool before you are 100% sure about getting free of malwares. Do not distribute clickable link to your website now here and there. Null it by using hxxp instead of http.